7.8 CVE-2022-1897

Exploit Patch

 

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
https://nvd.nist.gov/vuln/detail/CVE-2022-1897

Categories

CWE-787 : Out-of-bounds Write
Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

References

CONFIRM Patch Exploit

FEDORA

FEDORA-2022-5ce148636b
Mailing List Third Party Advisory
FEDORA-2022-d94440bf0e
Mailing List Third Party Advisory
FEDORA-2022-bb2daad935
Mailing List Third Party Advisory

FULLDISC

GENTOO

GLSA-202208-32
Third Party Advisory

MISC Patch

_MLIST


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:* < 8.0.5023
Configuration 2
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* < 13.0
Configuration 4
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Patch

Url
https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a

Exploits

Exploit-db.com
id description date
No known exploits
Other (github, ...)
Url
https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118

CAPEC

id description severity
No entry

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution